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ABSTRACT 



Systems and methods for dynamically creating new users 
having transparent computer access to a destination 
network, wherein the users otherwise have access to a home 
network through home network settings resident on the 
users' computers, and wherein the users can access the 
destination network without altering the home network 
settings. The system includes a gateway device for receiving 
a request from a user for access to the destination network, 
a user profile database comprising stored access information 
and in communication with the gateway device, and an 
Authentication, Authorization and Accounting (AAA) 
server in communication with the gateway device and user 
profile database. The AAA server determines if user is 
entitled to access the destination network based upon the 
access information stored within the user profile database, 
and wherein the AAA server redirects the user to a login 
page where the access information does not indicate the 
user's right to access the destination network. The systems 
and methods of the present invention can also redirect users 
having transparent computer access to a destination 
network, wherein the users otherwise have access to a home 
network through home network settings resident on the 
users' computers, and wherein the users can access the 
destination network without altering the home network 
settings. 

11 Claims, 1 Drawing Sheet 
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SYSTEMS AND METHODS FOR 
REDIRECTING USERS HAVING 
TRANSPARENT COMPUTER ACCESS TO A 
NETWORK USING A GATEWAY DEVICE 
HAVING REDIRECTION CAPABILITY 5 

CROSS-REFERENCE TO RELATED 
APPLICATIONS 

The present application claim priority from U.S. Provi- 
sional Patent Application Ser. No. 60/111,497, filed Dec. 8, lO 
1988 the contents of which are incorporated by reference. 

FIELD OF THE INVENTION 

The present invention relates generally to a gateway 
device and, more particularly, to a universal network gate- is 
way for redirecting to a portal page a computer transparently 
accessing a service provider network. 

BACKGROUND OF THE INVENTION 

In order for a computer to function properly in a network 20 
environment, the computer must be appropriately config- 
ured. Among other things, this configuration process estab- 
lishes the protocol and other parameters by which the 
computer transmits and receives data. In one common 
example, a plurality of computers are networked to create a 25 
local area network (LAN). In the LAN, each computer must 
be appropriately configured in order to exchange data over 
the network. Since most networks are customized to meet a 
unique set of requirements, computers that are part of 
different networks are generally configured in different 30 
manners in order to appropriately communicate with their 
respective networks. 

While desktop computers generally remain a part of the 
same network for a substantial period of time, laptops, 
handhelds, personal digital assistants (PDAs), cellphones or 35 
other portable computers (collectively "portable 
computers") are specifically designed to be transportable. As 
such, portable computers arc connected to different net- 
works al different times depending upon the location of the 
computer. In a common example in which the portable 40 
computer serves as an employee's desktop computer, the 
portable computer is configured to communicate with their 
employer's network, i.e., the enterprise network. When the 
employee travels, however, the portable computer may be 
connected to different networks that communicate in differ- 45 
ent manners. In this regard, the employee may connect the 
portable computer to the network maintained by an airport, 
a hotel, a cellular telephone network operator or any other 
locale in order to access the enterprise network, the Internet 
or some other on-line service. The portable computer is also 50 
commonly brought to the employee's residence where it is 
used to access various networks, such as, the enterprise 
network, a home network, the Internet and the like. Since 
these other networks are configured somewhat differently, 
however, the portable computer must also be reconfigured in 55 
order to properly communicate with these other networks. 
Typically, this configuration is performed by the user each 
time the portable computer is connected to a different 
network. As will be apparent, this repeated reconfiguration 
of the portable computer is not only quite time consuming, 60 
but is also prone to errors. The reconfiguration procedure 
may even be beyond the capabiUties of many users or in 
violation of their employer's IT policy. Importantly, special 
software must also typically be loaded onto the user's 
computer to support reconfiguration. 6S 

As described by U.S. patent application Ser. No. 08/816, 
174 and U.S. Provisional Patent Application Nos. 60/111, 
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497, 60/160,973, 60/161,189, 60A61,139, 60/160,890 and 
60/161,182, a universal subscriber gateway device has been 
developed by Nomadix, Inc. of Westlake Village, Calif. The 
contents of these applications are incorporated herein by 
reference. The gateway device serves as an interface con- 
necting the user to a number of networks or other online 
services. For example, the gateway device can serve as a 
gateway to the Internet, the enterprise network, or other 
networks and/or on-line services. In addition to serving as a 
gateway, the gateway device automaticaUy adapts to a 
computer, in order that it may communicate with the new 
network in a manner that is transparent both to the user and 
the new network. Once the gateway device has appropriately 
adapted to the user's computer, the computer can appropri- 
ately communicate via the new network, such as the network 
at a hotel, at home, at an airport, or any other location, in 
order to access other networks, such as the enterprise 
network, or other online services, such as the Internet. 

The portable computer user, and more specifically the 
remote or laptop user, benefits from being able to access a 
myriad of computer networks without having to undergo the 
time-consuming and all-too-often daunting task of reconfig- 
uring their host computer in accordance with network spe- 
cific configurations. In addition, no additional software need 
be loaded onto the computer prior to connection to the other 
network. From another perspective, the network service 
provider benefits from avoiding "on-site" visits and/or tech- 
nical support calls from the user who is unable to properly 
re-configure the portable computer. In this fashion, the 
gateway device is capable of providing more efficient net- 
work access and network maintenance to the user and the 
network operator. 

Gateway devices are typically used to provide network 
access to the remote portable computer user, such as users in 
hotels, airports and other location where the remote portable 
computer user may reside. Additionally, gateway devices 
have found wide-spread use in multi-resident dwellings as a 
means of providing the residents an intranet that networks 
the residents, broadband Internet access and the capability to 
adapt to the variances of the resident's individual enterprise 
network needs. With the advent of even smaller portable 
computing devices, such as handhelds, PDAs, and the like, 
the locations where these users may reside become almost 
limitless. 

Through gateway devices Internet Service Providers 
(ISPs) or enterprise network (such as a LAN established by 
an entity such as a hotel) providers can permit a wide variety 
of users simple and transparent access to their networks and 
to other online services. To lake advantage of transparent 
user access to their computer networks and online services 
enterprise networks or ISPs should be able to redirect users 
to portal pages thai the enterprise or internet service pro- 
viders wish the user to access or view. For instance, where 
users are located at an airport, the enterprise network admin- 
istrator may wish to direct users to a portal page containing 
arrival and departure information, or to a portal page having 
the user's itinerary thereon to provide the user an incentive 
to access the network. ISPs, for example, may wish users to 
access the ISPs portal page for up to the date news and 
weather, information regarding the user's Internet service, 
and paid advertisements. 

Homepage redirection has been accomplished in the prior 
art. For example, America Online (AOL) users, upon access- 
ing the internet, are directed to an AOL homepage from 
which the users can select a variety of AOL services, and 
which includes advertising from various companies. 
Typically, direction of users to such a page benefits the ISP 
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becaiise advertisers pay money to the [SP each lime a user 
accesses the Internet, as subscribers are a captive audience 
to advertising. Advertisers pay for such advertising not only 
because of the captive audience, but because advertisers can 
tailor advertisements based upon the typical audience 5 
accessing the internet. Furthermore, AOL may market its 
services through its homepage, and its homepage may be 
attractive to potential subscribers. Directing users to a par- 
ticular, page may serve an additional function. Users may be 
directed to a particular page, such as a login page, so that the lO 
user may enter login information to be authenticated and 
authorized access on the network. Furthermore, users may 
wish to establish their own specialized portal page, such as 
a page including favorite links, a page linking the user to the 
user's business, or a page including any other items relevant 15 
to the user. 

However, such redirection of users to homepages has 
been traditionally based upon software installed on a user's 
computer and/or configurations of user computers in com- 
munication with a home network. For example, where a '^^ 
user's computer is appropriately configured for access to a 
home network, the user's computer can be configured to 
access a particular homepage on that network. This can be 
the case, for example, in businesses where users computers 
are configured to access an intranet homepage or an internet 25 
page specific to that company and located on the internet. 

Therefore, a method and system would be desirable which 
enables a user transparent access to a computer network 
employing a gateway device where the computer network 
can provide access to users and direct the users to portal 
pages established by the user, network administrator or 
another entity, where the direction is preferably based upon 
attributes associated with a user, such as the user's location, 
identity, computer, or a combination thereof. Furthermore, 
such redirection should be able to redirect users to a login '^^ 
page when the user docs not otherwise have access to online 
services or networks so that the user may login to be 
authenticated and authorized access on the network. 

SUMMARY OF THE INVENTION '^o 

The present invention comprises a method and system for 
redirecting users to a portal page where users have trans- 
parent access to a computer network utilizing a gateway 
device. The method and system advantageously operates in 45 
a manner transparent to the user since the user need not 
reconfigure their computer and no additional software need 
be added to the computer for reconfiguration purposes. 

According to the invention, users accessing the gateway 
device are redirected to a portal page. Where stored user 50 
profiles permit the users access to the destination network, 
the users can be forwarded to the destination network or a 
portal page established by the network, user, or another 
entity. Otherwise, users are directed to a login page in which 
the users must input user information so that the users can 55 
obtain access to networks and online services. The redirec- 
tion function according to the present invention can be 
utilized to direct new or existing users to customized home- 
pages established by the gateway device or individual users. 

A method for dynamically creating new users having 60 
transparent computer access to a destination network is 
disclosed, wherein the users otherwise have access to a 
home network through home network settings resident on 
the users' computers, and wherein the users can access the 
destination network without altering the home network 65 
settings. The method includes receiving at a gateway device 
a request from a user for access to a destination network, 
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determining if the user is entitled access to the destination 
network based upon a user profile corresponding to the user 
and stored within a user profile database in communication 
with the gateway device, and redirecting the user to a login 
page when the user profile does not include rights to access 
the destination network. Furthermore, the method of the 
present invention can include the step of forwarding the user 
to the destination network when the user profile includes 
rights to access the destination network, llie method can 
also include the step of automatically redirecting the user to 
a portal page following receipt of a request for access to the 
destination network prior to determining if the user is 
entitled access to the destination network 

According to one aspect of the invention, the method can 
include the step of establishing a login page on a webserver 
local to the gateway device prior to redirecting the user to 
the login page. The method can also include accepting user 
information at the login page which is thereafter utihzed by 
the gateway device to authorize the user access to the 
destination network. The user profile database can be 
updated with the user information. 

According to another aspect of the invention, the user may 
be forwarded from the login page and returned to a portal 
page or directed to a destination address which can be an 
Internet destination address. Redirecting the user to a login 
page can include redirecting a browser located on the user's 
computer to the login page. Furthermore, redirecting the 
browser located on the user's computer can include receiv- 
ing a Hyper-Text Transfer Protocol (HTTP) request for the 
destination address and responding with an HTTP response 
corresponding to the login page. 

According to another embodiment of the invention, a 
system for dynamically creating new users having transpar- 
ent computer access to a destination network is disclosed, 
wherein the users otherwise have access to a home network 
through home network settings resident on the users' 
computers, and wherein the users can access the destination 
network without altering the home network settings. The 
system includes a gateway device for receiving a request 
from a user for access to the destination network, and a user 
profile database comprising stored access information and in 
communication with the gateway device. The system further 
includes an Authentication, Authorization and Accounting 
(AAA) server in communication with the gateway device 
and user profile database, where the AAA server determines 
if a user is entitled to access the destination network based 
upon the access information stored within the user profile 
database, and wherein the AAA server redirects the user to 
a login page where the access information does not indicate 
the user's right to access the destination network. The 
system can also direct the user to a portal page upon the 
user's access to the network, prior to determining the access 
rights of the user. 

According to one aspect of the invention, the login page 
is maintained local to the gateway device. The user profile 
database and AAA server can also be located within the 
gateway device. Furthermore, the user profile database can 
be located within the AAA server. 

According to another embodiment of the invention, the 
user profile database includes a plurality of user profiles, 
wherein each respective user profile of the plurality of user 
profiles contains access information. In addition, each 
respective user profile may contain historical data relating to 
the duration of destination network access for use in deter- 
mining the charges due for the destination network access. 

According to another embodiment of the invention, a 
method for redirecting users having transparent computer 
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access to a destination network is disclosed, wherein the which preferred embodiments of the invention are shown, 
users otherwise have access to a home network through This invention may, however, be embodied in many different 
home network settings resident on the users' computers, and forms and should not be construed as limited to the embodi- 
wherein the users can access the destination network without menis set forth herein; rather, these embodiments are pro- 
altering the home network settings. The method includes 5 vided so that this disclosure will be thorough and complete, 
receiving at a gateway device a request from a user for ^^^^ ^^^X convey the scope of the invention to those 
access to a destination address, such as an Internet address, skilled in the art. Like numbers refer to like elements 
and redirecting the user to a portal page, wherein the user throughout. 

computer remains configured for accessing the home Referring now to FIG. 1, a computer system 10 including 

network, and wherein no additional configuration software lO a gateway device 12 is depicted in block diagram form. The 

need be installed on the user's computer. Furthermore, computer system 10 typically includes a plurality of com- 

redirecting the user to a portal page can comprise redirecting puters 14 that access a computer network in order to gain 

the user to a portal page created by an administrator asso- access to networks 20 or other online services 22. For 

ciated with the portal page, or redirecting the user to a portal example, the computers 14 can be plugged into ports that are 

page customized by the user. is located in different rooms of a hotel, business, or a multi- 

According to another embodiment of the invention, a dwelling unit. Alternatively, the computers 14 can be 

system for redirecting users having transparent computer P^^S^^^ into ports m an airport, an arena or the like. The 

access to a destination network is disclosed, where the users S^/.^^^y ^^^^^^ provides an interface between the plu- 

othenvise have access to a home network through home rality of computers 14 and the various networks 20 or other 

network settings resident on the users' computers, and 20 online services 22. One embodiment of a gateway device has 

wherein the userscanaccessthedestinationnetworkwithout been described by the aforementioned U.S. patent applica- 

altcring the home network settings. The system includes a 08/816,174. 

gateway device for receiving a request from a user for access commonly, the gateway device 12 is located near the 

to the destination network, and an AAA server in commu- computers 14 at a relatively low position in the overall 

nication with the gateway device, where the AAA server 25 network (i.e., the gateway device 12 will be located withm 

intercepts the request from the user for access to the desti- ^otel, multi-unit residence, airport, etc.). However, the 

nation network and redirects the user to a portal page, gateway device 12 can be located at a higher position in the 

wherein the user's computer remains configured for access- system by being located closer to the vanous networks 20 or 

ing the home network, and wherein no additional configu- other online services 22, if so desired. For example, the 

ration software need be installed on the user's computer 30 gateway device 12 could be located at a network operating 

According to one aspect of the invention, the AAA server is center or could be located before or after a router 18 in the 

located entirely within the gateway device. The portal page computer network. Although the gateway device 12 can be 

of the system can also be maintained on a server local to the Physically embodied in many different fashions, the gateway 

gateway device. device 12 typically includes a controller and a memory 

. . . » r*i. . * J* c 35 device in which software is stored that defines the opera- 

Aunique advantage of the transparent redirection of users • , , , - • r i . i 

2 1 J • . • ■ . c .i_ tional characteristics of the gateway device 12. 

to a portal page, and, in certain circumstances from the , . j • u i_ jj ^ 

_^ , * I • i_ i_ •!_ r Alternatively, the gateway device 12 can be embedded 

portal page, to a login page where users subscribe for . / i . • . 

^ ^ 1 • »u r • . . 1 within another network device, such as an access concen- 

network access is that a user can obtain access to networks . . . .t. .i. * j c 

11- c. . trator 16 or a router 18. Moreover, the software that defines 

or online services without instaUing any software onto the n • r.i. . j ■ i-^ l . j 

, , r\ .1. . »i- '40 the ninctioning ot the gateway device 12 can be stored on a 

users computer. On the contrary, the entire process is n^-Ax^iA I .i. . u - .^-* . r .l. 

1 , 1 r . * .u A u .u *u J J PCMCIA card that can be inserted into a computer of the 

completely transparent to the user. As such, the method and , r . ^j- j . . 

^ e ,u . • PI-.. . . plurahty of computers 14 m order to automatically recon- 

apparatus of the present invention facilitates transparent ^ 1 . • . -.^ .. re . 

* J *• . 1 -.u . ■ • * figure the computer to communicate with a different com- 

access to destination networks without requinng a user to , u .l * i m j i* 

a . . 1 ..' -J . .u puter system, such as the networks 20 and online services 
reconfigure the home network settings resident on the user 

computer and without having to install reconfiguration soft- '^^1^ 

The computer system 10 typically includes an access 

^ " , , , ^ . , concentrator 16 positioned between the computers 14 and 

-nie method and system of the various embodimenls ^^^.^^ for multiplexing the signals received 

facilitate transparent access to a destination network. ^^^^ ,^^^,4 „f computers onto a link to the gateway 

According to one embodiment the method and system device 12. Depending upon the medium by which the 

facilitate the addition of new subscnbers to the network. ^™„„t^re i^ -,r^ tu» *k» 

,. , ,1- computers 14 are connected to the access concentrator, the 

According to ano her embodiment, all use^ can be redi- ^^^^^^ concentrator 16 can be configured in different man- 

lected to a portal page, which can include adverUsing, ^ ^ ^^^^ concentrator can be a digital 

without requmng reconfigui.it.on of the users computers, or subscriber line access multiplexer pSLAM) for signals 

new sottware to be added on the users computers. . j • i * t u i- ui u j ~i r 

^ 55 transmitted via regular telephone lines, a cable head end for 

BRIEF DESCRIPTION OF THE DRAWINGS signals transmitted via coaxial cables, a wireless access 

point (WAP) for signals transmitted via a wireless network, 

BG. 1 is a block diagram of a computer system that a cable modem termination shelf (CMTS), a switch or the 

includes a gateway device for automatically configuring one like. As also shown in FIG. 1, the computer system 10 

or more computers to communicate via the gateway device go typically includes one or more routers 18 and/or servers (not 

with other networks or other online services, according to shown in FIG. 1) to control or direct traffic to and from a 

one embodiment of the present invention. plurality of computer networks 20 or other online services 

DETAILED DESCRIPTION OF ONE ^^'^^ computer system 10 is depicted to have a 

EMBODIMENT OF THE INVENTION ^*"f ^°"*^.^' f ^"/°P^^^^ '^''"1^ ' P^"^^"^J 

65 routers, switches, badges, or the like that are arranged m 

The present invention now will be described more fully some hierarchical fashion in order to appropriately traffic to 

hereinafter with reference to the accompanying drawings, in and from the various networks 20 or online services 22. In 
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this regard, the gateway device 12 typically establishes a 
link with one or more routers. The routers, in turn, establish 
links with the servers of other networks or other online 
service providers, such as internet service providers, based 
upon the xiser's selection. It will be appreciated by one of 
ordinary skill in the art that one or more devices illustrated 
in FIG. 1 may be combinable. For example, although not 
shown, the router 18 may be located entirely within the 
gateway device 12. 

The gateway device 12 of the present invention is spe- 
cifically designed to adapt to the configuration of each of the 
computers 14 that log onto the computer system 10 in a 
manner that is transparent to the user and the computer 
networks 20 or online services 22. In the embodiment shown 
in FIG. 1, the computer system 10 employs dynamic host 
configuration protocol (DHCP) service, which is a protocol 
well known to those of skill in the art and currently imple- 
mented in many computer networks. In DHCP networks an 
IP address is assigned to an individual computer of the 
plurahty of computers 14 when the computer logs onto the 
computer network through communication with the gateway 
device 12. The DHCP service can be provided by an external 
DHCP server 24 or it can be provided by an internal DHCP 
server located within the gateway device. 

In order to allow a user of the computer to communicate 
transparently with computer networks 20 or online services 
22, the gateway device must be able to communicate with 
the user computer, as well as the various online services 22 
or networks 20. In order to support this communication, the 
gateway device 12 generally performs a packet translation 
function that is transparent to both the user and the network. 
In this regard, for outbound traffic from a computer to a 
network or on-line service, the gateway device 12 changes 
attributes within the packet coming from the user, such as 
the source address, checksum, and application specific 
parameters, to meet the criteria of the network to which the 
user has accessed. In addition, the outgoing packet includes 
an attribute that will direct all incoming packets from the 
accessed network to be routed through the gateway device. 
In contrast, the inbound traffic from the computer network or 
other online service that is routed through the gateway 
device undergoes a translation function at the gateway 
device so that the packets are properly formatted for the 
user's host computer. In this manner, the packet translation 
process that takes place at the gateway device 12 is trans- 
parent to the host, which appears to send and receive data 
directly from the accessed computer network. By imple- 
menting the gateway device as an interface between the user 
and the computer network or other online service, however, 
the user will eliminate the need to re-configure their com- 
puter 12 upon accessing subsequent networks as well as the 
need to load special configuration software on their com- 
puter to support the reconfiguration. 

Communication between users and networks or online 
services may be effectuated through ports, for example, 
located within hotel rooms or multi-dwelling units, or 
through conventional dial-up communications, such as 
through the use of telephone or cable modems. According to 
one aspect of the invention, users can be are redirected to a 
portal page, as described below. After being redirected to the 
portal page, the user is subjected to a AAA process. Based 
upon the AAA process, the user may be permitted transpar- 
ent access to the destination network or may be redirected to 
a login page in order to gather additional information to 
identify the user. 

Identifying the user is crucial in authorizing access to 
networks or online services, as such services are typically 
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provided for a fee and may be customized based upon the 
user, user's location, or user's computer. As discussed 
below, the user's identification may be used to direct the user 
to a specific portal page, which can be a particular webpage. 

5 As such, the system of the present invention includes means 
for identifying a user based upon an attribute associated with 
the user that is contained within the packet transmitted from 
the user's computer. Attributes can include any data well 
known in the art for identifying the user, the user's location, 
and/or the user's computer. In general, identifying a user's 
computer that accesses a network can be done by a media 
access control (MAC) associated with the computer. Iden- 
tifying a computer based upon a MAC address is well known 
to those of skill in the art, and will not be discussed in detail 

J 5 herein. Additionally, the attribute can be based upon a user 
name, ID, or according to one advantageous embodiment 
described below, a particular location, such as from a 
communications port in a hotel room. As such, the location 
of the user can be the identifiable attribute. 

20 According to one embodiment of the present invention, 
after a user accesses the computer network using a computer 
in communication with the gateway device 12, as described 
above, the user is directed to a portal page. The portal page 
may be maintained by an ISP or an enterprise network, or by 

25 any entry maintaining a webpage on the Internet. According 
to one aspect of the invention, the portal page can be a 
webpage containing any information whatsoever, and can be 
created by the ISP, enterprise network administrator or user. 
The portal page can contain information specific to the user 

30 accessing the network, as discussed in detail below. 

Regardless of whether a user accessing the computer 
network is authorized access to the network, the user is 
redirected to a portal page. After being redirected to a portal 
page, the gateway device of the present invention deter- 
as mines the authorization and access rights of the user based 
upon an Authentication, Authorization and Accounting 
method, as described in U.S. patent application Ser. No. 
09/458602 entitled "Systems And Methods For Authorizing, 
Authenticating And Accounting Users Having Transparent 

40 Computer Access To A Network Using A Gateway Device" 
filed concurrently with this application and incorporated by 
reference. 

According to one aspect of the invention, a user may be 
identified and authorized access to the network or online 

45 services based upon attributes associated with the user, such 
as the user's location or the user's computer. When this 
occurs, the user can be forwarded to a portal page unique to 
that user. As described below, and in the U.S. patent appli- 
cation incorporated by reference immediately above, the 

50 user may be identified without being queried to input any 
identification information so that upon accessing the com- 
puter network the user is automatically directed to a generic 
portal page or a portal page established specifically for and 
unique to that user. According to another aspect of the 

55 invention, a user may be identified and authorized access 
based upon the user's identity after being redirected to the 
portal page. T^e user may have to enter a login name and 
password while at the portal page or after being directed to 
a login page so that the ISP or other entity maintaining the 

60 gateway device can identify the user. After entering identi- 
fying data, the user may be directed to a particular portal 
page, as in the first aspect described above. According to a 
third aspect of the invention, the user is not authorized 
access to the network. Where this occurs the user will be 

65 directed from the portal page to a login page where the user 
will have to input identification information, such as the 
user's name, address, credit card number, and other relevant 
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data so that the user may be authorized to access the 
network. After the user enters suflBcient login data to estab- 
lish authorization, the user may be redirected to a portal 
page. 

The redirection is accomplished by a Home Page Redirect 
(HPR) performed by the gateway device, a AAA server, or 
by a portal page redirect unit located internal to or external 
to the gateway device. To accomplish the redirection of a 
user to a portal page, HPR utilizes a Slack Address Trans- 
lation (SAT) operation to direct the user to the portal page, 
which is preferably local to the gateway device so that the 
redirection will be efficient and fast. This is accomplished by 
redirecting the user to a protocol stack using network and 
port address translation to the portal server that can be 
internal to the computer network or gateway device. More 
specifically, the gateway device, AAA server or portal page 
redirect unit receives the user's HTTP request for a web page 
and sends back the HTTP response reversing the network 
and port address translation the portal server, essentially 
acting as a transparent 'go-between* to the user and portal 
server. It will be appreciated, however, that to receive the 
HTTP request the gateway device, AAA server or portal 
page redirect unit must initially open a Transmission Control 
Protocol (TCP) connection to a server in line with the 
user-requested internet address. 

According to one aspect of the present invention, when a 
user initially attempts to access a destination location, the 
gateway device, AAA server or portal page redirect unit 
receives this request and routes the traffic to a protocol stack 
on a temporary server, which can be local to the gateway 
device. This can occur where a user initially opens a web 
browser resident on the user's computer and attempts to 
access a destination address, such as an Internet site. The, 
destination address can also include any address accessible 
via the network or an online service, and can include the 
portal page. The protocol stack can pretend to be the 
user-entered destination location long enough to complete a 
connection or 'handshake'. Thereafter, this protocol stack 
directs the user to the portal server, which can be local to the 
gateway device to facilitate higher speed communication. 
The redirection to the portal server can be accomplished by 
redirecting web pages only, rather than all trafiHc, including 
E-mails, FTPs, or any other traffic. Therefore, once 
authorized, if a user does not attempt to access a webpage 
through the user's internet browser, the gateway device can 
forward the communication transparently to the user's 
requested destination without requiring the user to access the 
portal page. Furthermore, according to one aspect of the 
invention specific user-input destination addresses may be 
authorized to pass through the gateway device without being 
redirected. 

The portal page can also be specialized based on the user, 
user's location, user's computer, or any combination thereof 
For example, assuming that the user has been authenticated 
and has authorization, the gateway device can present users 
with a portal page that identifies, among other things, the 
online services or other computer networks that are acces- 
sible via the gateway device. In addition, the portal page 
presented by the gateway device can provide information 
regarding the current parameters or settings that will govern 
the access provided to the particular user. As such, the 
gateway administrator can readily alter the parameters or 
other settings in order to tailor the service according to their 
particular application. Typically, changes in the parameters 
or other settings that will potentially utilize additional 
resources of the computer system will come at a cost, such 
that the gateway administrator will charge the user a higher 
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rate for their service. For example, a user may elect to 
increase the transfer rate at which signals are transmitted 
across the computer network and pay a correspondingly 
higher price for the expedited service. 

5 The portal page may include advertising tailored to the 
specific needs of the user. The gateway device would be 
capable of tailoring the material based upon user profiles in 
the network. The portal page may also incorporate surveys 
or links to surveys to provide the network provider with 

-,Q beneficial statistical data. As an ancillary benefit, the user 
who responds to the surveys may be rewarded with network 
access credit or upgraded quality. Additionally, the service 
provided could offer additional services to the user by way 
of the portal page or Links to these services may be offered 

J 5 on the portal page. These services offered by the network 
service provider are not limited to the services related to the 
network connection. For example, a hotel may desire to offer 
the user in-room food service or a multi-unit dwelling may 
want to offer house cleaning service. 

20 The portal page may also comprise information related to 
the status of the current network session. By way of example 
this information may include, current billing structure data, 
the category/level of service that the user has chosen, the 
bandwidth being provided to the user, the bytes of informa- 

25 tion currently sent or received, the current status of network 
connection(s) and the duration of the existing network 
connection(s). It is to be understood, by those skilled in the 
art to which this invention relates that all conceivable useful 
information relating to the current network session could be 

30 displayed to the user in a multitude of combinations as 
defined by the user and/or the gateway administrator. The 
gateway administrator wiU have the capability to dynami- 
cally change the information supplied in the portal page 
based on many factors, including the location of the user, the 

35 profile of the user and the chosen billing scheme and service 
level. The information provided in the portal page may 
prompt the user to adjust any number of specific parameters, 
such as the billing scheme, the routing, the level of service 
and/or other user-related parameters. 

40 The portal page may be implemented with an object- 
oriented programming language such as Java developed by 
Sun Microsystems, Incorporated of Mountain View, Calif. 
The code that defines the portal page can be embodied 
within the gateway device, while the display monitor and the 

45 driver are located with the host computers that are in 
communication with the gateway device. The object ori- 
ented programming language that is used should be capable 
of creating executable content (i.e. self-running 
applications) that can be easily distributed through network- 
so ing environments. The object oriented programming lan- 
guage should be capable of creating special programs, 
typically referred to as applets that can be incorporated in 
portal pages to make them interactive. In this invention the 
applets take the form of the portal pages. It should be noted 

55 that the chosen object-oriented programming language 
would require that a compatible web browser be imple- 
mented to interpret and run the portal page. It is also possible 
to implement the portal page using other programming 
languages, such as HTML, SGML and XML; however, these 

60 languages may not be able to provide all the dynamic 
capabilities thai languages, such as Java provide. 

By re -directing the user to the portal page the gateway 
administrator or network operator is provided the opportu- 
nity to present the user with updated information pertaining 

65 to the remote location (i.e. the hotel, the airport etc.). By way 
of example the portal page may provide for links to the 
corporate home page, a travel site on the Internet, an Internet 
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search engine and a network provider honae page. address associated with the user's computer, or a combina- 

Additionally, the buttons or any other field within the portal tion thereof The means in which a user is identified and 

page may include olheriypes of information options, such as access rights arc determined is based upon an 

advertising fields or user-specific links or fields based upon Authentication, Authorization and Accounting (AAA) 
data found in the user's profile or inputted by the user. S method implemented by the AAA server, and disclosed in 

• . J .u . .u .1 .r.A. U.S. patent application Ser. No. 09/458,602, and filed con- 
It will be appreciated that the portal page is not limited to '.r,.. ,. 
1 . , c 1 . J . ) u ii- J currently with this application, 
supplying information related to the users bilhng and ^ ^ ^ . . . 
service plans. It is also possible to configure the portal page One function of the AAA server is to identify the user m 
to include information that is customized to the user or the communication with thcgatcway device in a manner that is 
location/site from which the user is remotely located. For 10 transparent to the user. That is, the user will not be required 
example, the user may be located at a hotel for the purpose '° ^^nfig^^ 'he computer or otherwise change the home 
of attending a specific convention or conference either in the ^^^^l^' ^"/j"" additional configuration software 
hotel or within the immediate vicinity of the hotel. Tlie ^ill have to be added to the computer. According to one 
gateway device may have "learned" this information about embodiment of the present invenUon after a user is directed 
the user through an initial log-on profile inquiry or the is <o a portal page, the AAA sen^r can be accessed to authorize 
gateway administer may have inputted this information into authenUcate the user, Hierefore, upon accessing the 
a database network, the user may be forwarded to a generic portal page, 
^ , . ^, . ^ . and after the user may be authenticated, the user can be 
■nie gateway device can store user profile information fo^^rded via HPR and SAT to a specialized portal page, as 
within a user-specific AAA database, as descnbed below, or described above 

it can store and retrieve data from external databases. The .r. • • . r c r j 
, . . at, • CI After receivmg a request for access from a user, forward- 
gateway device can be configured to recognize these profiles . . , J -J .VC. • *1. 

, , ^ , ,1 1 T .t. L . 1 ing the user to a portal page, and identifying the user or 

and to customize the portal pace accordinely. In the hotel , * * a j . • *u • c 

. , , ^ 1 J 1- 1 r location the AAA server then determines the access rights or 

sccnano, the portal page may mclude a link tor convention ... t jj- • . • ^ l 

r ■ ir JL.i_i..i the particular user. In addition to stonng whether users have 

or conference services offered by the hotel. • t. ci j . l i * i j 

25 valid access rights, the user profile database can also mclude 

In another example of location specific portal page data, specialized access information particular to a specific loca- 
the user may be remotely accessing the gateway device ^-^^ ^^^^^ ^^^^ ^^e bandwidth of the user^s access, or 
while located m a specific airport terminal. The gateway ^ portal page to which a user should be directed. For 
device will be configured so that it is capable of providing ^^^^^i^^ ^ accessing the network from a penthouse 
ready access to information related to that specific airport ^^^^-^^ ^ higher access band rate than someone access- 
terminal, i.e. information pertaining to the current flights destination network from a typical hotel room, 
scheduled to depart and arrive that terminal, the retail Additionally, a user profile can include historical data relat- 
services offered in that specific terminal, etc. In this manner, -^^ ^ ^^^.^ ^^^^^ network, including the amount 
the portal page may include a bnk for tenminal specific flight ^^^^^ ^ ^^^^^^^^ ^^e network. Such historical 
information and/or terminal specific retail services available 3^ information can be used to determine any fees which may be 
to the user. charged to the user, or due from the user, for access. 

It will also be appreciated that the HPR may be configured Specialized access information contained within the user 

so a user is redirected to a portal page upon specific default profile may be established by the system administrator, or by 

occurrences, such as a time out, or according to preset time. the user who has purchased or otherwise established access 
For example, the portal page may act as a screen-saver, 4^ to the network. For example, where a user is transparenUy 

where the user is redirected to a portal page after a given accessing the gateway device from a hotel room, the hotel 

period of inactivity. These functions may be established by network administrator may enter user access information 

the ISP or enterprise network administrator. into the profile database based upon access rights associated 

Customization of the information comprising the portal with a room in the hotel. This can also be done automatically 
page is not limited to the gateway administrator or the 45 by the gateway device or a local management system, such 

networkoperator. The user may also be able to customize the as a hotel properly management system, when the user 

information that is provided in the portal page. The user checks into his or her room. 

customization may be accomplished either directly by the Assuming that a user does not have a subscription for 
user configuring the portal page manually or indirectly from access to the network, a login page enables new users to 
the gateway device configuring the portal page in response 50 subscribe to the computer network so that they may subse- 
to data found in the user-specific profile. In the manual quently obtain access to networks or online services trans- 
embodiment the user may be asked to choose which infor- parently through the gateway device. The iiser may take 
mation or type of information they would like supplied in the steps to become authenticated so that the user's infomaation 
portal page for that specific network session. For instance, may be recorded in the user profile database and the user is 
the user may require an alarm clock counter to insure an 55 deemed valid. For example, a user may have to enter into a 
appointment is met or the user may require periodical purchase agreement, requiring the user to enter a credit card 
updates of a specific stock quote. The information that a user number. If the user needs to purchase access, or if the system 
customizes for the portal page may be network session needs additional information about the user, the user is 
specific, may be associated with the duration of a gateway redirected from the portal page via HPR and SAT to a 
subscription or may be stored in a user profile for an location, such as a login page, established to validate new 
indefinite period of time. The gateway device's ability to users. SAT and HPR can intervene to direct the user to a 
communicate with numerous user databases provides the webserver (external or internal) where the user has to login 
basis for storing user specific profiles for extended periods and identify themselves. Location-based information and 
of time. authorization, as described in detail in U.S. patent applica- 
As explained above, the portal page presented to the user 65 tion Ser. No. 60/161,093, incorporated herein by reference, 
can be dependent upon an attribute associated with the user, can be sent to the portal page as part of this redirection 
such as the user's identification, the user's location, an process. This enables the portal page to be customized to 
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include customized informauoa, such as locale resiaurani 
ads or train schedules. 

Assuming that a user has not been authorized access to the 
network based upon location based identification or user 
input identification, the user must provide the gateway 
device with suflBcient information to become authorized 
access. Where the user is not authorized access the user is 
forwarded via HPR and SAT from the portal page to a login 
page. The login page enables new users to subscribe to the 
computer network so that they may subsequently obtain 
access to networks or online services transparently through 
the gateway device. To direct the users to a login page the 
AAA server calls upon the HPR function. The HPR directs 
the user to the login page, and after the user has entered 
requisite information into the login page, the AAA server 
adds the new information to the customer profile database 
and can direct the user to the user's desired destination, such 
as an Internet address or can return the user to a portal page, 
depending upon the design of the system. Thus, new users 
can gain access to networks or online services without being 
predefined in the user profile database. 

After receiving the user's login information, the AAA 
server will create a user profile utilizing this information so 
that the user will be able to obtain immediate access to the 
network next time the user logs in without being required to 
enter login information again. The AAA server can create a 
profile for the user in a locally stored user profile database, 
or can update the user profile in a database external to the 
gateway device. Regardless of the location of the user 
profile, the next time the user attempts to login the user's 
profile will be located in the user profile database, the user's 
access rights determined, and the user allowed transparent 
access to networks or services. 

Many modifications and other embodiments of the inven- 
tion will come to mind to one skilled in the art to which this 
invention pertains having the benefit of the teachings pre- 
sented in the foregoing descriptions and the associated 
drawings. Therefore, it is to be understood that the invention 
is not to be limited to the specific embodiments disclosed 
and that modifications and other embodiments are intended 
to be included within the scope of the appended claims. 
Although specific terms are employed herein, they are used 
in a generic and descriptive sense only and not for purposes 
of limitation. 

That which is claimed: 

1. A method for redirecting an original destination address 
access request to a redirected destination address, the 
method comprising the steps of: 

receiving, at a gateway device, all original destination 
address access requests originating from a computer; 
determining, at the gateway device, which of the original 

destination address requests require redirection; 
storing the original destination address if redirection is 
required; 

modifying, at the gateway device, the original destination 
address access request and communicating the modi- 
fied request to a redirection server if redirection is 
required; 

responding, at the redirection server, to the modified 
request with a browser redirect message that reassigns 
the modified request to an administrator-specified, redi- 
rected destination address; 

intercepting, at the gateway device, the browser redirect 
message and modifying it with the stored original 
destination address; and 
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sending the modified browser redirect message to the 
computer, which automatically redirects the computer 
to the redirected destination address. 

2. The method of claim 1, further comprising the step of 
5 directing the computer to the stored original destination 

address after the computer has been automatically redirected 
to the redirected destination address. 

3. The method of claim 2, wherein the step of directing the 
computer to the stored original destination address occurs 
after a predetermined length of time. 

4. The method of claim 2, wherein the step of directing the 
computer to the stored original destination address occurs 
after a predetermined computer input event has occurred. 

5. The method of claim 1, wherein the step of responding, 
at the redirection server, to the modified request with a 
browser redirect message that reassigns the modified request 
to an administrator-specified, redirected destination address 
further comprises responding, at the redirection server, to the 

20 modified request with a browser redirect message that 
reassigns the modified request to a redirected destination 
address associated with a login page. 

6. A system for redirecting an original destination address 
access request to a redirected destination address, the system 

25 comprising: 

a computer that initiates original destination address 
requests; 

a gateway device in communication with the computer, 
3Q that receives the original destination address requests 
from the computer, determines if redirection of any of 
the original destination address requests is required, 
stores the original destination address request if redi- 
rection is required and modifies the original destination 
35 address request if redirection is required, and 

a redirection server in communication with the gateway 
device that receives the modified request from the 
gateway device and responds with a browser redirect 
message that reassigns the request to an administrator- 
specified, redirect destination address, 
wherein the gateway device intercepts the browser redi- 
rect message and modifies the response with the stored 
original destination address before forwarding the 
45 browser redirect message to the computer and wherein 
the computer receives the modified browser redirect 
message and the computer is automatically redirected 
to the redirect destination address. 

7. The system of claim 6, further comprising a user profile 
50 database in communication with the gateway device that 

includes stored user-access information. 

8. The system of claim 6, further comprising an 
Authentication, Authorization and Accounting (AAA) 
server in communication with the gateway device and user 
profile database, the AAA server determines if a user of the 
computer is entitled to access the original destination 
address requests based upon the user-access information 
stored within the user profile database. 

9. The system of claim 6, wherein the redirection server 
is located within the gateway device. 

10. The system of claim 7, wherein the user-profile 
database is located within the gateway device. 

11. The system of claim 8, wherein the AAA server is 
65 located within the gateway device. 

* * ^ * * 
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